[ https://issues.apache.org/jira/browse/DISPATCH-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17170892#comment-17170892 ]
ASF subversion and git services commented on DISPATCH-1741: ----------------------------------------------------------- Commit c9bfd071ac2ba5515aaf5e51c7cf224a667210ac in qpid-dispatch's branch refs/heads/dependabot/npm_and_yarn/console/react/patternfly/react-charts-6.6.0 from Ernest Allen [ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=c9bfd07 ] DISPATCH-1741: Regenerated package-lock.json for console and updated yargs-parser. The previous version of package-lock.json broke npm test > Update console dependency for yargs-parser to avoid security warning > -------------------------------------------------------------------- > > Key: DISPATCH-1741 > URL: https://issues.apache.org/jira/browse/DISPATCH-1741 > Project: Qpid Dispatch > Issue Type: Bug > Components: Console > Affects Versions: 1.13.0 > Reporter: Ernest Allen > Assignee: Ernest Allen > Priority: Major > Fix For: 1.13.0 > > > A new security vulnerability was identified with the released version of > yargs-parser. > The dependency path is > react-scripts > webpack-dev-server > yargs > yargs-parser > Since react-scripts has not been updated to require the version of > yargs-parser that fixes the vulnerability, the package-lock.json file needs > to be updated manually to require yargs-parser version 13.1.2 > See https://github.com/facebook/create-react-app/issues/9033 for a discussion > on the issue with react-scripts. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org